Black Duck Software and JFrog

Manage Open Source Risks Across the Software Supply Chain

Open source makes its way into your software through many channels, so it’s important to manage open source risks throughout your software development lifecycle and beyond. Black Duck integrations with JFrog allow you to leverage Black Duck’s industry-leading open source vulnerability management capabilities as part of your JFrog deployment.

Enforce open source use and security policies during repository transactions

Combine repository enforcement with visibility and protection during the upstream development, build, and CI processes

Black Duck Integrations With JFrog Artifactory and Xray

The Black Duck plugin for Artifactory scans the binary repository to ensure the code artifacts being used comply with open source use policies and are free from known vulnerabilities. Black Duck scans artifacts already in the repository and also scans any artifacts being added, to prevent vulnerable components from entering or propagating in application code.

Black Duck also integrates with Xray. Xray scans your Artifactory repository. When integrated with Black Duck, it queries the Black Duck KnowledgeBase™ directly for open source vulnerability and license information on specific artifacts.

By scanning open source components in the repository, development teams can address vulnerabilities earlier in the SDLC, saving time and money on remediation. In addition, Black Duck's vulnerability and policy monitoring will alert you to any new security risks or policy violations that affect artifacts in the repository.